v1.0.1

Baseline Kit

BenignClawScan verdict for this skill. Analyzed May 1, 2026, 6:06 AM.

Analysis

Baseline Kit appears to be a coherent offline OpenClaw config generator and auditor; the main thing to watch is that it can read and write local config files you point it at.

GuidanceThis skill looks safe to install for offline OpenClaw configuration review. Run it only against configs you intend to audit, keep audit outputs private if they reveal where secrets are stored, and review any generated baseline before replacing a real configuration.

Findings (1)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Abnormal behavior control

Checks for instructions or behavior that redirect the agent, misuse tools, execute unexpected code, cascade across systems, exploit user trust, or continue outside the intended task.

Tool Misuse and Exploitation

SeverityLowConfidenceHighStatusNote

src/index.js

fs.writeFileSync(resolved, `${JSON.stringify(data, null, 2)}\n`, 'utf8'); ... const parsed = JSON.parse(fs.readFileSync(resolved, 'utf8'));

The tool performs local file writes for generated baselines and local file reads for audits using paths supplied to the CLI. This is central to the stated purpose, but users should choose paths carefully.

User impactThe skill can create or overwrite the output file you specify and can read the config file you ask it to audit.

RecommendationUse explicit, intended paths; avoid pointing --out at an existing production config unless you mean to replace it, and review generated files before rollout.